:: Deepquest ::

WordPress NAB Transact WooCommerce plugin version 2.1.0 suffers from a payment bypass vulnerability.

OX App Suite and OX Documents suffer from access control bypass, cross site scripting, and improper input validation vulnerabilities. Multiple version ranges are affected.

Seowon SlC 130 Router suffers from a remote code execution vulnerability.

The handling of KTM logs does not limit Registry Key operations to the loading hive leading to elevation of privilege.

The handling of KTM logs when initializing a Registry Hive contains no bounds checks which results in privilege escalation.

Eibiz i-Media Server Digital Signage version 3.8.0 suffers from an unauthenticated configuration disclosure vulnerability.

Eibiz i-Media Server Digital Signage version 3.8.0 suffers from an unauthenticated remote privilege escalation and account takeover vulnerability that can be triggered by directly calling the updateUser object (part of ActionScript object graphs), effectively elevating to an administrative role or taking over an existing account by modifying the settings.

Eibiz i-Media Server Digital Signage version 3.8.0 is affected by a directory traversal vulnerability. An unauthenticated remote attacker can exploit this to view the contents of files located outside of the server’s root directory. The issue can be triggered through the oldfile GET parameter.

Eibiz i-Media Server Digital Signage version 3.8.0 suffers from unauthenticated privilege escalation and arbitrary user creation vulnerability that allows authentication bypass. Once serialized, an AMF encoded object graph may be used to persist and retrieve application state or allow two endpoints to communicate through the exchange of strongly typed data. These objects are received by […]

Ruijie Networks Switch eWeb S29_RGOS version 11.4 suffers from a directory traversal vulnerability.